US10797722B2 - System and method for providing hardware based fast and secure expansion and compression functions - Google Patents


Info

Publication number
US10797722B2
Authority
US
United States
Prior art keywords
length
input
data bits
xor
output
Legal status
Active, expires
Application number
US15/178,973
Other versions
US20170359083A1 (en)
Inventor
Laszlo Hars
Current Assignee
Boeing Co
Original Assignee
Boeing Co
Application filed by Boeing Co
Assigned to The Boeing Company (assignor: Hars, Laszlo)
Priority to US15/178,973 (US10797722B2)
Priority to TW106112753A (TWI751153B)
Priority to EP17168210.7A (EP3255831B1)
Priority to CN201710347679.5A (CN107491699B)
Priority to JP2017110602A (JP6969908B2)
Priority to SG10201704647UA
Publication of US20170359083A1
Publication of US10797722B2
Application granted
Legal status: Active
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H03 ELECTRONIC CIRCUITRY
    • H03M CODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M7/00 Conversion of a code where information is represented by a given sequence or number of digits to a code where the same, similar or subset of information is represented by a different sequence or number of digits
    • H03M7/30 Compression; Expansion; Suppression of unnecessary data, e.g. redundancy reduction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Definitions

  • FIG. 3 is a block diagram of aircraft production and service methodology
  • FIG. 4 is a schematic illustration of an aircraft.
  • Example implementations of the present disclosure will be primarily described in conjunction with aviation applications. It should be understood, however, that example implementations may be utilized in conjunction with a variety of other applications, both in the aviation industry and outside of the aviation industry.
  • an improved system and method provides data expansion and compression functions having arbitrary input and output sizes.
  • a data input 102 is received (block 202 ) and is partitioned into consecutive groups of bits (block 204 ).
  • the input data bits of data input 102 may be partitioned into sequential groups of input data bits.
  • the input 102 is partitioned into groups of two bits each; however, the groups of bits can be of varying sizes so long as there is at least one bit in each group.
  • a subkey 106 a , 106 b , 106 c is selected from secret key material 104 by a multiplexer for each of the groups of bits (block 206 ).
  • the key material 104 can be stored in various types of electronic, magnetic or optical storage devices such as electronic flip-flops, electronic fuses, flash memory, dynamic random-access memory (DRAM), or static random-access memory (SRAM).
  • the subkeys 106 a , 106 b , 106 c taken from the key material 104 can share some bits, as long as the same bit does not appear in the same bit position of different subkeys 106 a , 106 b , 106 c (because the XOR operation on the subkeys 106 a , 106 b , 106 c would cancel such a bit).
  • One example of shared bits is when a subkey is a bitwise rotated version of another subkey.
  • Other, more complex mapping functions of the key material 104 to the subkeys are possible. This can be particularly useful when the size of the storage for the key material 104 is limited.
  • the subkeys 106 a , 106 b , 106 c are bitwise XORed (with XOR gates 108 a , 108 b , 110 a , 110 b , 112 ) to generate the output 114 (block 208 ).
  • Fast implementation of the XOR operations can be achieved by a tree of two-input XOR gates 108 a , 108 b , 110 a , 110 b , 112 ; however, multi-input XOR gates can also be used in alternative implementation.
  • the size of the input 102 and the size of the output 114 are independent of one another. Thus, if the size of the input 102 is less than the size of the output 114 , it is an expansion function. On the other hand, if the size of the input 102 is greater than the size of the output 114 , it is a compression function.
  • the data expansion and compression functions as just described with respect to FIGS. 1 and 2 are easily implemented in electronic hardware, where the functions are secure, fast, and consume very little power and energy, and provide very low side channel leakage.
  • the data expansion and compression functions of the present disclosure also satisfy the desired properties referenced above in that: (1) if the key material 104 contains random data, every change to an input 102 bit causes the output 114 to be changed by a random subkey 106 a , 106 b , 106 c so every output 114 bit is influenced; (2) simple changes to the input 102 , such as flipping the bits, cause the output 114 to change by an aggregate of the corresponding subkeys 106 a , 106 b , 106 c ; and (3) such simple changes generate no obvious correlation between input 102 values and the corresponding output 114 values in accordance with standard statistical randomness tests.
  • the data expansion and compression functions of the present disclosure additionally reduce side channel leakage based on their implementation in electronic hardware with simple XOR gates 108 a , 108 b , 110 a , 110 b , 112 . Accordingly, no flip-flops or data registers are needed to store the changing data, which are typically a main source of side channel leakage.
  • the gate structure for the data expansion and compression functions is highly symmetric, and the XOR gates 108 a , 108 b , 110 a , 110 b , 112 are arranged in layers, such that the XOR gates in each layer are the same distance from the input 102 in terms of the number of XOR gates in the path leading to them.
  • XOR gates 108 a , 108 b are aligned in Level 1
  • XOR gates 110 a , 110 b are aligned in Level 2
  • XOR gate 112 is in Level 3.
  • the gates 108 a , 108 b , 110 a , 110 b , 112 within each specific layer (Layer 1, Layer 2, Layer 3) switch at about the same time. Because there are thousands of concurrent switching events, transients of individual switching events are effectively masked.
  • the XOR gates 108 a , 108 b , 110 a , 110 b , 112 have their switching transients in the range of a few picoseconds (ps), so recording and analyzing them would require data acquisition systems with sampling rates in the THz range, which is orders of magnitude faster than presently available technology. Accordingly, the data expansion and compression functions in accordance with the present disclosure are more secure and less susceptible to attack.
  • the system for providing the data expansion and compression functions as shown in FIG. 1 is a linear construction (in a binary Galois field) because it only uses bit selection and XOR operations. As a result, some complex four-way correlations could exist among certain output 114 values corresponding to simply correlated input 102 values. In most applications this is not a concern because the output 114 values remain hidden from an attacker. However, in applications where enhanced security is desired, the data expansion and compression functions of the present disclosure can be further processed by a nonlinear function (block 210 ).
  • Such a nonlinear function can be, for example, a parallel collection of invertible substitution boxes (S-Boxes), the result of a collection of S-Boxes (which could be invertible S-Boxes) XORed to the output 114 , or a series of Rotate-Add-XOR (RAX) operations.
  • the various components of the improved system and method for expanding and compressing data of the present disclosure may be implemented by various means including hardware, alone or under direction of one or more computer program code instructions, program instructions or executable computer-readable program code instructions from a computer-readable storage medium.
  • one or more apparatuses may be provided that are configured to function as or otherwise implement the system and method for arbitrarily expanding and compressing data shown and described herein.
  • the respective apparatuses may be connected to or otherwise in communication with one another in a number of different manners, such as directly or indirectly via a wireline or wireless network or the like.
  • an apparatus of exemplary implementation for the system and method of the present disclosure may include one or more of a number of components such as a processor (e.g., processor unit) connected to a memory (e.g., storage device), as described above.
  • the processor is generally any piece of hardware that is capable of processing information such as, for example, data, computer-readable program code, instructions or the like (generally “computer programs,” e.g., software, firmware, etc.), and/or other suitable electronic information. More particularly, for example, the processor may be configured to execute computer programs, which may be stored onboard the processor or otherwise stored in the memory (of the same or another apparatus).
  • the processor may be a number of processors, a multi-processor core or some other type of processor, depending on the particular implementation.
  • the processor may be implemented using a number of heterogeneous processor systems in which a main processor is present with one or more secondary processors on a single chip.
  • the processor may be a symmetric multi-processor system containing multiple processors of the same type.
  • the processor may be embodied as or otherwise include one or more application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs) or the like.
  • Although the processor may be capable of executing a computer program to perform one or more functions, the processor of various examples may be capable of performing one or more functions without the aid of a computer program.
  • the memory is generally any piece of hardware that is capable of storing information such as, for example, data, computer programs and/or other suitable information either on a temporary basis and/or a permanent basis.
  • the memory may include volatile and/or non-volatile memory, and may be fixed or removable. Examples of suitable memory include random access memory (RAM), read-only memory (ROM), a hard drive, a flash memory, a thumb drive, a removable computer diskette, an optical disk, a magnetic tape or some combination of the above.
  • Optical disks may include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W), DVD or the like.
  • the memory may be referred to as a computer-readable storage medium which, as a non-transitory device capable of storing information, may be distinguishable from computer-readable transmission media such as electronic transitory signals capable of carrying information from one location to another.
  • Computer-readable medium as described herein may generally refer to a computer-readable storage medium or computer-readable transmission medium.
  • the processor may also be connected to one or more interfaces for displaying, transmitting and/or receiving information.
  • the interfaces may include a communications interface (e.g., communications unit) and/or one or more user interfaces.
  • the communications interface may be configured to transmit and/or receive information, such as to and/or from other apparatus(es), network(s) or the like.
  • the communications interface may be configured to transmit and/or receive information by physical (wireline) and/or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless NIC (WNIC) or the like.
  • the user interfaces may include a display and/or one or more user input interfaces (e.g., input/output unit).
  • the display may be configured to present or otherwise display information to a user, suitable examples of which include a liquid crystal display (LCD), light-emitting diode display (LED), plasma display panel (PDP) or the like.
  • the user input interfaces may be wireline or wireless, and may be configured to receive information from a user into the apparatus, such as for processing, storage and/or display. Suitable examples of user input interfaces include a microphone, image or video capture device, keyboard or keypad, joystick, touch-sensitive surface (separate from or integrated into a touchscreen), biometric sensor or the like.
  • the user interfaces may further include one or more interfaces for communicating with peripherals such as printers, scanners or the like.
  • program code instructions may be stored in memory, and executed by a processor, to implement functions of the system and method for arbitrarily expanding and compressing data as described herein.
  • any suitable program code instructions may be loaded onto a computer or other programmable apparatus from a computer-readable storage medium to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified herein.
  • These program code instructions may also be stored in a computer-readable storage medium that can direct a computer, a processor or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture.
  • the instructions stored in the computer-readable storage medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing functions described herein.
  • the program code instructions may be retrieved from a computer-readable storage medium and loaded into a computer, processor or other programmable apparatus to configure the computer, processor or other programmable apparatus to execute operations to be performed on or by the computer, processor or other programmable apparatus.
  • Retrieval, loading and execution of the program code instructions may be performed sequentially such that one instruction is retrieved, loaded and executed at a time. In some example implementations, retrieval, loading and/or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and/or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processor or other programmable apparatus provide operations for implementing functions described herein.
  • Execution of instructions by a processor, or storage of instructions in a computer-readable storage medium supports combinations of operations for performing the specified functions. It will also be understood that one or more functions, and combinations of functions, may be implemented by special purpose hardware-based computer systems and/or processors which perform the specified functions, or combinations of special purpose hardware and program code instructions.
  • illustrative method 500 may include specification and design (block 502 ) of aircraft 602 and material procurement (block 504 ). During production, component and subassembly manufacturing (block 506 ) and system integration (block 508 ) of aircraft 602 may take place. Thereafter, aircraft 602 may go through certification and delivery (block 510 ) to be placed in service (block 512 ). While in service, aircraft 602 may be scheduled for routine maintenance and service (block 514 ). Routine maintenance and service may include modification, reconfiguration, refurbishment, etc. of one or more systems of aircraft 602 .
  • Each of the processes of illustrative method 500 may be performed or carried out by a system integrator, a third party, and/or an operator (e.g., a customer).
  • a system integrator may include, without limitation, any number of aircraft manufacturers and major-system subcontractors
  • a third party may include, without limitation, any number of vendors, subcontractors, and suppliers
  • an operator may be an airline, leasing company, military entity, service organization, and so on.
  • aircraft 602 produced by illustrative method 500 may include airframe 612 with a plurality of high-level systems 600 and interior 614 .
  • high-level systems 600 include one or more of propulsion system 604 , electrical system 606 , hydraulic system 608 , and environmental system 610 . Any number of other systems may be included.
  • Although an aerospace example is shown, the principles disclosed herein may be applied to other industries, such as the automotive industry. Accordingly, in addition to aircraft 602 , the principles disclosed herein may apply to other vehicles, e.g., land vehicles, marine vehicles, space vehicles, etc.
  • Apparatus(es) and method(s) shown or described herein may be employed during any one or more of the stages of the manufacturing and service method 500 .
  • components or subassemblies corresponding to component and subassembly manufacturing 506 may be fabricated or manufactured in a manner similar to components or subassemblies produced while aircraft 602 is in service.
  • one or more examples of the apparatus(es), method(s), or combination thereof may be utilized during production stages 506 and 508 , for example, by substantially expediting assembly of or reducing the cost of aircraft 602 .
  • one or more examples of the apparatus or method realizations, or a combination thereof may be utilized, for example and without limitation, while aircraft 602 is in service, e.g., maintenance and service stage (block 514 ).

Abstract

A system and method for encoding data by providing data expansion and compression functions for arbitrary input and output lengths. The input is partitioned into groups of sequential bits. A subkey is selected from secret key material for each group of the input bits. A tree of XOR gates applies XOR operations between the subkeys to generate the output. The XOR gates are arranged in layers and all the XOR gates within a layer switch at about the same time. A compression function is performed if the input length is greater than or equal to the output length and an expansion function is performed if the input length is less than or equal to the output length. There is no statistical correlation between the input and the output. A nonlinear function can be applied to the output such as an invertible S-Box, non-invertible S-Box, or series of Rotate-Add-XOR operations.

Description

TECHNOLOGICAL FIELD
The present disclosure relates generally to data encryption and authentication and, in particular, to an improved system and method for generating arbitrary data expansion and compression functions.
BACKGROUND
The aviation industry largely depends on the reliable functioning of critical information technology (IT) infrastructure. Like many other industries, the aviation industry is challenged with providing adequate security for such IT infrastructure and mitigating the effects of any cyber events. Examples of cyber events include malicious or suspicious events that compromise, or attempt to compromise, the operation of an aircraft's network, including its data connections, data transmission, and computing systems.
In the field of cryptography, there are many known applications of data expansion and compression functions having fixed, but different, input and output lengths, such as when an input is thoroughly mixed and then increased or reduced to a fixed output size. Examples of known applications of data expansion functions are key generators for memory encryption, key rolling in secure communications, and imbalanced Feistel ciphers on a path of long data. Examples of known applications of data compression functions are building blocks of secure hash functions, randomness amplification of entropy sources and whitening, and imbalanced Feistel ciphers on a path of short data.
Some of the desired properties for data expansion and compression functions are that: (1) every input bit affects every output bit; (2) simple changes to the input cause about half of the output bits to flip (on average); and (3) such simple changes generate no obvious correlation between the corresponding output values in accordance with standard statistical randomness tests. Examples of a simple change could be flipping a few bits simultaneously (such as less than about 25%) or applying a transformation to the data with a computer program less than about ten instructions long.
Known expansion and compression functions can depend on a large amount of secret key material, which makes their behavior unpredictable to an observer who has no access to the secret key material. These types of information security applications typically require significant operation time and consume a significant amount of power. Such security applications also typically lack stringent cryptographic requirements, particularly when one or both the input and the output of the expansion/compression function remains hidden from an observer. A significant threat remains, however, which is that an attacker can still collect information leaked on side channels about the computation work of the functions. Particularly, during operation of electronic devices that are processing data, some information about secret keys or sensitive data can leak in side channels (physical sources of unintended information dissemination), including information about variation of response times, fluctuation of power use that is dependent on the input data and secret keys, and/or ultrasonic or electromagnetic wave radiation. This could lead to discovery of the secret key material or make the function predictable to a certain degree, which creates significant risks in IT security applications.
In addition to side channel leakage, known expansion and compression functions, such as ciphers and cryptographic hash functions, are inflexible with unchangeable (fixed) input and output buffer sizes, are very slow, and consume a lot of power/energy. Also, such prior art systems provide fixed security levels even though some applications in commercial and military aviation may need differing security levels or better performance than existing solutions.
Thus, it is desirable to have an improved system and method for arbitrarily expanding and compressing data that is fast, secure, and reduces side channel leakage without significantly increasing processing time, system complexity, the size of electronic circuits, or power usage when implemented in an electronic device.
BRIEF SUMMARY
In view of the foregoing background, example implementations of the present disclosure provide a system and method for encoding data. The method includes the steps of receiving an input having a first length of input data bits, partitioning the input data bits into groups of input data bits (each group including at least one bit), selecting subkeys from key material for the groups of input data bits such that one subkey is selected for each group of input data bits, and applying at least one XOR operation between the subkeys to generate an output having a second length of output data bits. The system includes an input having a first length of input data bits, groups of input data bits that are partitioned from the input data bits (each of the groups including at least one bit), subkeys that are selected from key material for each of the groups of input data bits such that one subkey corresponds with each group of input data bits, and an output having a second length of output data bits that is generated by application of at least one XOR operation between the subkeys.
Different subkeys may share some of the bits of the key material. The secret key material is stored in a storage device, such as an electronic, magnetic or optical storage device, such as electronic flip-flops, electronic fuses, flash memory, dynamic random-access memory (DRAM), or static random-access memory (SRAM). The at least one XOR operation may be implemented by a tree of XOR gates. The XOR gates are symmetrically arranged in layers such that the XOR gates in each layer are at the same distance from the input with respect to the number of XOR gates leading to them. The XOR gates within a layer switch at about the same time.
There is no statistical correlation between the first length data and the second length data. A data expansion function is performed if the first length is less than or equal to the second length. A data compression function is performed if the first length is greater than or equal to the second length. In a further implementation of the present disclosure, a nonlinear function is applied to the output, such as an invertible S-Box, non-invertible S-Box, or a series of Rotate-Add-XOR operations.
The features, functions and advantages discussed herein may be achieved independently in various example implementations or may be combined in yet other example implementations, further details of which may be seen with reference to the following description and drawings.
BRIEF DESCRIPTION OF THE DRAWING(S)
Having thus described example implementations of the disclosure in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
FIG. 1 is a logic diagram for expansion and compression functions of arbitrary input and output size in accordance with an example implementation of the present disclosure;
FIG. 2 is a block diagram for a method of expanding and compressing functions of arbitrary input and output size in accordance with an example implementation of the present disclosure;
FIG. 3 is a block diagram of aircraft production and service methodology; and
FIG. 4 is a schematic illustration of an aircraft.
DETAILED DESCRIPTION
Some implementations of the present disclosure will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all implementations of the disclosure are shown. Indeed, various implementations of the disclosure may be embodied in many different forms and should not be construed as limited to the implementations set forth herein; rather, these example implementations are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. For example, unless otherwise indicated, reference to something as being a first, second or the like should not be construed to imply a particular order. Also, something described as being above something else (unless otherwise indicated) may instead be below, and vice versa; and similarly, something described as being to the left of something else may instead be to the right, and vice versa. Like reference numerals refer to like elements throughout.
Example implementations of the present disclosure will be primarily described in conjunction with aviation applications. It should be understood, however, that example implementations may be utilized in conjunction with a variety of other applications, both in the aviation industry and outside of the aviation industry.
According to example implementations of the present disclosure, an improved system and method provides data expansion and compression functions having arbitrary input and output sizes.
As shown in FIGS. 1 (100) and 2 (200), a data input 102 is received (block 202) and is partitioned into consecutive groups of bits (block 204). For example, the input data bits of data input 102 may be partitioned into sequential groups of input data bits. In the example shown in FIG. 1, the input 102 is partitioned into groups of two bits each; however, the groups of bits can be of varying sizes so long as there is at least one bit in each group.
A subkey 106 a, 106 b, 106 c is selected from secret key material 104 by a multiplexer for each of the groups of bits (block 206). The key material 104 can be stored in various types of electronic, magnetic or optical storage devices such as electronic flip-flops, electronic fuses, flash memory, dynamic random-access memory (DRAM), or static random-access memory (SRAM). When the key material 104 is stored in electronic flip-flops, physical security of the data is enhanced because the synthesis tool of the electronic design process disperses the flip-flops among regular gates such that there are no large memory blocks holding the secret key material 104. This is desirable because large memory blocks can be identified by microscopic inspection and subject to attack by probing, such as with focused ion beams.
The subkeys 106 a, 106 b, 106 c taken from the key material 104 can share some bits, as long as the same bit does not appear in the same bit position of different subkeys 106 a, 106 b, 106 c (because the XOR operation on the subkeys 106 a, 106 b, 106 c would cancel such a bit). One example of shared bits is when a subkey is a bitwise rotated version of another subkey. Other, more complex mapping functions of the key material 104 to the subkeys are possible. This can be particularly useful when the size of the storage for the key material 104 is limited.
Referring again to FIGS. 1 and 2, the subkeys 106 a, 106 b, 106 c are bitwise XORed (with XOR gates 108 a, 108 b, 110 a, 110 b, 112) to generate the output 114 (block 208). Fast implementation of the XOR operations can be achieved by a tree of two-input XOR gates 108 a, 108 b, 110 a, 110 b, 112; however, multi-input XOR gates can also be used in alternative implementations. The size of the input 102 and the size of the output 114 are independent of one another. Thus, if the size of the input 102 is less than the size of the output 114, it is an expansion function. On the other hand, if the size of the input 102 is greater than the size of the output 114, it is a compression function.
The data expansion and compression functions as just described with respect to FIGS. 1 and 2 are easily implemented in electronic hardware, where the functions are secure, fast, and consume very little power and energy, and provide very low side channel leakage. The data expansion and compression functions of the present disclosure also satisfy the desired properties referenced above in that: (1) if the key material 104 contains random data, every change to an input 102 bit causes the output 114 to be changed by a random subkey 106 a, 106 b, 106 c so every output 114 bit is influenced; (2) simple changes to the input 102, such as flipping the bits, cause the output 114 to change by an aggregate of the corresponding subkeys 106 a, 106 b, 106 c; and (3) such simple changes generate no obvious correlation between input 102 values and the corresponding output 114 values in accordance with standard statistical randomness tests.
The data expansion and compression functions of the present disclosure additionally reduce side channel leakage based on their implementation in electronic hardware with simple XOR gates 108 a, 108 b, 110 a, 110 b, 112. Accordingly, no flip-flops or data registers are needed to store the changing data, which are typically a main source of side channel leakage. As shown in FIG. 1, the gate structure for the data expansion and compression functions is highly symmetric, and the XOR gates 108 a, 108 b, 110 a, 110 b, 112 are arranged in layers, such that the XOR gates in each layer are the same distance from the input 102 in terms of the number of XOR gates in the path leading to them. For example, in the implementation shown in FIG. 1, XOR gates 108 a, 108 b are aligned in Level 1, XOR gates 110 a, 110 b are aligned in Level 2, and XOR gate 112 is in Level 3. The gates 108 a, 108 b, 110 a, 110 b, 112 within each specific layer (Layer 1, Layer 2, Layer 3) switch at about the same time. Because there are thousands of concurrent switching events, transients of individual switching events are effectively masked. Also, the XOR gates 108 a, 108 b, 110 a, 110 b, 112 have their switching transients in the range of a few picoseconds (ps), so recording and analyzing them would require data acquisition systems with sampling rates in the THz range, which is orders of magnitude faster than presently available technology. Accordingly, the data expansion and compression functions in accordance with the present disclosure are more secure and less susceptible to attack.
The system for providing the data expansion and compression functions as shown in FIG. 1 is a linear construction (in a binary Galois field) because it only uses bit selection and XOR operations. As a result, some complex four-way correlations could exist among certain output 114 values corresponding to simply correlated input 102 values. In most applications this is not a concern because the output 114 values remain hidden from an attacker. However, in applications where enhanced security is desired, the output of the data expansion and compression functions of the present disclosure can be further processed by a nonlinear function (block 210). Such a nonlinear function can be, for example, a parallel collection of invertible substitution boxes (S-Boxes), the result of a collection of S-Boxes (which could be invertible S-Boxes) XORed to the output 114, or a series of Rotate-Add-XOR (RAX) operations.
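As an added worked example (not code from the patent or from Boeing), the following Python reference model implements the construction of FIGS. 1 and 2 and exercises the two caveats above: key material is a bit vector and each subkey is a tuple of key-bit indices, so sharing of bits between subkeys (here, the rotation scheme) and the cancellation of a bit shared at the same position can be checked, the XOR stage is a layered tree, and a four-way relation shows the linearity the nonlinear stage (block 210) is meant to remove. The key value, the group layout and the subkey tables are constructed for the example.

```python
from typing import List, Sequence, Tuple

Subkey = Tuple[int, ...]   # indices into the key-material bit vector, subkey MSB first


def partition(x: int, in_bits: int, group_bits: int) -> List[int]:
    """Split an in_bits-wide input into consecutive groups, MSB first (block 204);
    the last group is narrower when group_bits does not divide in_bits."""
    if x < 0 or x >> in_bits:
        raise ValueError("input does not fit in in_bits")
    groups, remaining = [], in_bits
    while remaining > 0:
        width = min(group_bits, remaining)
        remaining -= width
        groups.append((x >> remaining) & ((1 << width) - 1))
    return groups


def xor_tree(values: Sequence[int]) -> Tuple[int, List[List[int]]]:
    """Balanced tree of two-input XORs (block 208). Returns the root and every
    layer so the equal-depth layering of the gates is visible; an odd leftover
    value is carried to the next layer unchanged."""
    layers = [list(values)]
    while len(layers[-1]) > 1:
        cur = layers[-1]
        nxt = [cur[i] ^ cur[i + 1] for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        layers.append(nxt)
    return layers[-1][0], layers


def rotated_table(base: Subkey, group_bits: int) -> List[Subkey]:
    """One subkey per possible group value, each a bitwise rotation of the same
    base subkey: the bit-sharing scheme the description gives as an example."""
    n = len(base)
    return [tuple(base[(p + v) % n] for p in range(n)) for v in range(1 << group_bits)]


def shared_position_conflicts(tables: Sequence[Sequence[Subkey]]) -> List[Tuple[int, int, int]]:
    """(group_a, group_b, position) triples where subkeys of two different groups
    carry the same key bit at the same position; the XOR stage would cancel such
    a bit, so a sound key layout returns an empty list."""
    found = set()
    for a in range(len(tables)):
        for b in range(a + 1, len(tables)):
            for s in tables[a]:
                for t in tables[b]:
                    found.update((a, b, p) for p, (i, j) in enumerate(zip(s, t)) if i == j)
    return sorted(found)


class XorTreeCoder:
    """Expansion (in_bits <= out_bits) or compression (in_bits >= out_bits) coder."""

    def __init__(self, in_bits: int, out_bits: int, group_bits: int,
                 tables: Sequence[Sequence[Subkey]]):
        n_groups = -(-in_bits // group_bits)          # ceiling division
        if len(tables) != n_groups:
            raise ValueError(f"need {n_groups} subkey tables, got {len(tables)}")
        if any(len(sk) != out_bits for tbl in tables for sk in tbl):
            raise ValueError("every subkey must be out_bits wide")
        self.in_bits, self.out_bits, self.group_bits = in_bits, out_bits, group_bits
        self.tables = [list(tbl) for tbl in tables]

    def kind(self) -> str:
        return "expansion" if self.in_bits <= self.out_bits else "compression"

    @staticmethod
    def subkey_value(key: int, subkey: Subkey) -> int:
        """Assemble a subkey's value from the key-material bits it references."""
        value = 0
        for idx in subkey:
            value = (value << 1) | ((key >> idx) & 1)
        return value

    def select_subkeys(self, key: int, x: int) -> List[int]:
        """Multiplexer stage (block 206): one subkey per group, addressed by the group value."""
        groups = partition(x, self.in_bits, self.group_bits)
        return [self.subkey_value(key, self.tables[g][v]) for g, v in enumerate(groups)]

    def encode(self, key: int, x: int) -> int:
        return xor_tree(self.select_subkeys(key, x))[0]


def four_way_relation(coder: XorTreeCoder, key: int, x: int, i: int, j: int) -> int:
    """XOR of the outputs for x with input bits i and j flipped in all four
    combinations. The construction is linear over GF(2), so this is always 0
    when i and j lie in different groups, whatever the key: the kind of
    correlation the optional nonlinear stage (block 210) is there to remove."""
    f = lambda v: coder.encode(key, v)
    return f(x) ^ f(x ^ (1 << i)) ^ f(x ^ (1 << j)) ^ f(x ^ (1 << i) ^ (1 << j))


# Constructed FIG. 1-like instance: 4-bit input in groups of two bits, 8-bit
# output (an expansion), 16 bits of constructed key material; each group rotates
# its own byte of the key, so no key bit can cancel across groups.
KEY = 0xA5C3
EXPANDER = XorTreeCoder(4, 8, 2, [rotated_table(tuple(range(15, 7, -1)), 2),
                                  rotated_table(tuple(range(7, -1, -1)), 2)])
# A compression instance: 8-bit input, four 2-bit groups, 4-bit output, one key
# nibble per group.
COMPRESSOR = XorTreeCoder(8, 4, 2, [rotated_table(tuple(range(hi, hi - 4, -1)), 2)
                                    for hi in (15, 11, 7, 3)])
```

Flipping one input bit changes the output by the XOR of the two subkeys of that group (property (2) above), while the four-way relation across two groups is identically zero; reusing one group's subkey table for another group makes `shared_position_conflicts` report every output position.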
There are several advantages to the use of the system and method for arbitrarily expanding and compressing data as described above. Such expansion and compression functions are orders of magnitude faster than prior art cryptographic methods, they consume much less power when they are implemented in electronic hardware, and they are more secure than prior art methods because they leak much less information about the data they are processing on side channels. Thus, deployed systems can use slower electronic components, thereby reducing costs and power consumption of the computing system, while also improving speed (operation time). Such improved systems can be used for scientific and engineering computations, as well as for security subsystems of aircraft computers, military and space programs, corporate networks, personal and laptop computers, smart mobile devices, and secure communication networks.
According to example implementations of the present disclosure, the various components of the improved system and method for expanding and compressing data of the present disclosure may be implemented by various means including hardware, alone or under direction of one or more computer program code instructions, program instructions or executable computer-readable program code instructions from a computer-readable storage medium.
In one example, one or more apparatuses may be provided that are configured to function as or otherwise implement the system and method for arbitrarily expanding and compressing data shown and described herein. In examples involving more than one apparatus, the respective apparatuses may be connected to or otherwise in communication with one another in a number of different manners, such as directly or indirectly via a wireline or wireless network or the like.
Generally, an apparatus of an example implementation of the system and method of the present disclosure may include one or more of a number of components such as a processor (e.g., processor unit) connected to a memory (e.g., storage device), as described above. The processor is generally any piece of hardware that is capable of processing information such as, for example, data, computer-readable program code, instructions or the like (generally “computer programs,” e.g., software, firmware, etc.), and/or other suitable electronic information. More particularly, for example, the processor may be configured to execute computer programs, which may be stored onboard the processor or otherwise stored in the memory (of the same or another apparatus). The processor may be a number of processors, a multi-processor core or some other type of processor, depending on the particular implementation. Further, the processor may be implemented using a number of heterogeneous processor systems in which a main processor is present with one or more secondary processors on a single chip. As another illustrative example, the processor may be a symmetric multi-processor system containing multiple processors of the same type. In yet another example, the processor may be embodied as or otherwise include one or more application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs) or the like. Thus, although the processor may be capable of executing a computer program to perform one or more functions, the processor of various examples may be capable of performing one or more functions without the aid of a computer program.
The memory is generally any piece of hardware that is capable of storing information such as, for example, data, computer programs and/or other suitable information either on a temporary basis and/or a permanent basis. The memory may include volatile and/or non-volatile memory, and may be fixed or removable. Examples of suitable memory include random access memory (RAM), read-only memory (ROM), a hard drive, a flash memory, a thumb drive, a removable computer diskette, an optical disk, a magnetic tape or some combination of the above. Optical disks may include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W), DVD or the like. In various instances, the memory may be referred to as a computer-readable storage medium which, as a non-transitory device capable of storing information, may be distinguishable from computer-readable transmission media such as electronic transitory signals capable of carrying information from one location to another. Computer-readable medium as described herein may generally refer to a computer-readable storage medium or computer-readable transmission medium.
In addition to the memory, the processor may also be connected to one or more interfaces for displaying, transmitting and/or receiving information. The interfaces may include a communications interface (e.g., communications unit) and/or one or more user interfaces. The communications interface may be configured to transmit and/or receive information, such as to and/or from other apparatus(es), network(s) or the like. The communications interface may be configured to transmit and/or receive information by physical (wireline) and/or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless NIC (WNIC) or the like.
The user interfaces may include a display and/or one or more user input interfaces (e.g., input/output unit). The display may be configured to present or otherwise display information to a user, suitable examples of which include a liquid crystal display (LCD), light-emitting diode display (LED), plasma display panel (PDP) or the like. The user input interfaces may be wireline or wireless, and may be configured to receive information from a user into the apparatus, such as for processing, storage and/or display. Suitable examples of user input interfaces include a microphone, image or video capture device, keyboard or keypad, joystick, touch-sensitive surface (separate from or integrated into a touchscreen), biometric sensor or the like. The user interfaces may further include one or more interfaces for communicating with peripherals such as printers, scanners or the like.
As indicated above, program code instructions may be stored in memory, and executed by a processor, to implement functions of the system and method for arbitrarily expanding and compressing data as described herein. As will be appreciated, any suitable program code instructions may be loaded onto a computer or other programmable apparatus from a computer-readable storage medium to produce a particular machine, such that the particular machine becomes a means for implementing the functions specified herein. These program code instructions may also be stored in a computer-readable storage medium that can direct a computer, a processor or other programmable apparatus to function in a particular manner to thereby generate a particular machine or particular article of manufacture. The instructions stored in the computer-readable storage medium may produce an article of manufacture, where the article of manufacture becomes a means for implementing functions described herein. The program code instructions may be retrieved from a computer-readable storage medium and loaded into a computer, processor or other programmable apparatus to configure the computer, processor or other programmable apparatus to execute operations to be performed on or by the computer, processor or other programmable apparatus.
Retrieval, loading and execution of the program code instructions may be performed sequentially such that one instruction is retrieved, loaded and executed at a time. In some example implementations, retrieval, loading and/or execution may be performed in parallel such that multiple instructions are retrieved, loaded, and/or executed together. Execution of the program code instructions may produce a computer-implemented process such that the instructions executed by the computer, processor or other programmable apparatus provide operations for implementing functions described herein.
Execution of instructions by a processor, or storage of instructions in a computer-readable storage medium, supports combinations of operations for performing the specified functions. It will also be understood that one or more functions, and combinations of functions, may be implemented by special purpose hardware-based computer systems and/or processors which perform the specified functions, or combinations of special purpose hardware and program code instructions.
As referenced above, examples of the present disclosure may be described in the context of aircraft manufacturing and service. As shown in FIGS. 3 and 4, during pre-production, illustrative method 500 may include specification and design (block 502) of aircraft 602 and material procurement (block 504). During production, component and subassembly manufacturing (block 506) and system integration (block 508) of aircraft 602 may take place. Thereafter, aircraft 602 may go through certification and delivery (block 510) to be placed in service (block 512). While in service, aircraft 602 may be scheduled for routine maintenance and service (block 514). Routine maintenance and service may include modification, reconfiguration, refurbishment, etc. of one or more systems of aircraft 602.
Each of the processes of illustrative method 500 may be performed or carried out by a system integrator, a third party, and/or an operator (e.g., a customer). For the purposes of this description, a system integrator may include, without limitation, any number of aircraft manufacturers and major-system subcontractors; a third party may include, without limitation, any number of vendors, subcontractors, and suppliers; and an operator may be an airline, leasing company, military entity, service organization, and so on.
As shown in FIG. 4, aircraft 602 produced by illustrative method 500 may include airframe 612 with a plurality of high-level systems 600 and interior 614. Examples of high-level systems 600 include one or more of propulsion system 604, electrical system 606, hydraulic system 608, and environmental system 610. Any number of other systems may be included. Although an aerospace example is shown, the principles disclosed herein may be applied to other industries, such as the automotive industry. Accordingly, in addition to aircraft 602, the principles disclosed herein may apply to other vehicles, e.g., land vehicles, marine vehicles, space vehicles, etc.
Apparatus(es) and method(s) shown or described herein may be employed during any one or more of the stages of the manufacturing and service method 500. For example, components or subassemblies corresponding to component and subassembly manufacturing 506 may be fabricated or manufactured in a manner similar to components or subassemblies produced while aircraft 602 is in service. Also, one or more examples of the apparatus(es), method(s), or combination thereof may be utilized during production stages 506 and 508, for example, by substantially expediting assembly of or reducing the cost of aircraft 602. Similarly, one or more examples of the apparatus or method realizations, or a combination thereof, may be utilized, for example and without limitation, while aircraft 602 is in service, e.g., maintenance and service stage (block 514).
Different examples of the apparatus(es) and method(s) disclosed herein include a variety of components, features, and functionalities. It should be understood that the various examples of the apparatus(es) and method(s) disclosed herein may include any of the components, features, and functionalities of any of the other examples of the apparatus(es) and method(s) disclosed herein in any combination, and all of such possibilities are intended to be within the spirit and scope of the present disclosure.
Many modifications and other implementations of the disclosure set forth herein will come to mind to one skilled in the art to which this disclosure pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the disclosure is not to be limited to the specific implementations disclosed and that modifications and other implementations are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe example implementations in the context of certain example combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative implementations without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (20)

What is claimed is:
1. A method for encoding data with low side channel leakage comprising the steps of:
receiving an input having a first length of input data bits;
partitioning the input data bits into groups of input data bits, each group comprising at least one bit;
selecting subkeys from key material stored in electronic flip-flops for the groups of input data bits, such that one subkey is selected for each group of input data bits; and
applying at least one XOR operation between the subkeys and the groups to generate an output having a second length of output data bits, wherein the first length is independent of the second length, wherein a data expansion function is performed if the first length is less than or equal to the second length, wherein a data compression function is performed if the first length is greater than or equal to the second length, and wherein the at least one XOR operation is implemented by a tree of XOR gates symmetrically arranged in layers such that the XOR gates in each layer are at the same distance from the input with respect to the number of XOR gates leading to them, wherein switching transients of the XOR gates are in the range of a few picoseconds, whereby transients of individual switching events are masked.
2. The method of claim 1 wherein the groups of input data bits are sequential.
3. The method of claim 1 wherein there is no statistical correlation between the first length data and the second length data.
4. The method of claim 1 wherein the subkeys share some bits of the key material.
5. The method of claim 1 wherein the XOR gates within a layer switch at about the same time.
6. The method of claim 1 further comprising the step of applying a nonlinear function to the output, the nonlinear function being selected from the group consisting of an invertible S-Box, a non-invertible S-Box, and series of Rotate-Add-XOR operations.
7. The method of claim 1, wherein the electronic flip-flops are dispersed among other gates.
8. A system for encoding data with low side channel leakage comprising:
an input having a first length of input data bits;
groups of input data bits that are partitioned from the input data bits, each of the groups comprising at least one bit;
subkeys that are selected from key material stored in electronic flip-flops for each of the groups of input data bits such that one subkey corresponds with each group of input data bits;
a tree of XOR gates, wherein the tree of XOR gates is symmetrically arranged in layers such that the XOR gates in each layer are at the same distance from the input with respect to the number of XOR gates leading to them, wherein switching transients of the XOR gates are in the range of a few picoseconds, whereby transients of individual switching events are masked; and
an output having a second length of output data bits, the output being generated by application of at least one XOR operation between the subkeys and the groups, the at least one XOR operation implemented by the tree of XOR gates, wherein the first length is independent of the second length, wherein the system is configured to perform a data expansion function if the first length is less than or equal to the second length, wherein the system is configured to perform a data compression function if the first length is greater than or equal to the second length.
9. The system of claim 8 wherein the groups of input data bits are sequential.
10. The system of claim 8 wherein the subkeys share bits of the key material.
11. The system of claim 8 wherein the XOR gates within a layer switch at about the same time.
12. The system of claim 8, wherein there is no statistical correlation between the first length data and the second length data.
13. The system of claim 8, further comprising a nonlinear function configured to be applied to the output, the nonlinear function being selected from the group consisting of an invertible S-Box, a non-invertible S-Box, and series of Rotate-Add-XOR operations.
14. The system of claim 8, wherein the electronic flip-flops are dispersed among other gates.
15. Non-transitory computer readable media comprising computer readable instructions that, when read by at least one electronic processor, configure the at least one electronic processor to encode data with low side channel leakage by performing operations comprising:
receiving an input having a first length of input data bits;
partitioning the input data bits into groups of input data bits, each group comprising at least one bit;
selecting subkeys from key material stored in electronic flip-flops for the groups of input data bits, such that one subkey is selected for each group of input data bits; and
applying at least one XOR operation between the subkeys and the groups to generate an output having a second length of output data bits, wherein the first length is independent of the second length, wherein a data expansion function is performed if the first length is less than or equal to the second length, wherein a data compression function is performed if the first length is greater than or equal to the second length, and wherein the at least one XOR operation is implemented by a tree of XOR gates symmetrically arranged in layers such that the XOR gates in each layer are at the same distance from the input with respect to the number of XOR gates leading to them, wherein switching transients of the XOR gates are in the range of a few picoseconds, whereby transients of individual switching events are masked.
16. The non-transitory computer readable media of claim 15, wherein the groups of input data bits are sequential.
17. The non-transitory computer readable media of claim 15, wherein there is no statistical correlation between the first length data and the second length data.
18. The non-transitory computer readable media of claim 15, wherein the subkeys share some bits of the key material.
19. The non-transitory computer readable media of claim 15, wherein the XOR gates within a layer switch at about the same time.
20. The non-transitory computer readable media of claim 15, wherein the operations further comprise applying a nonlinear function to the output, the nonlinear function being selected from the group consisting of an invertible S-Box, a non-invertible S-Box, and series of Rotate-Add-XOR operations.

Priority Applications (6)

Application Number Priority Date Filing Date Title
US15/178,973 US10797722B2 (en) 2016-06-10 2016-06-10 System and method for providing hardware based fast and secure expansion and compression functions
TW106112753A TWI751153B (en) 2016-06-10 2017-04-17 System and method for providing hardware based fast and secure expansion and compression functions
EP17168210.7A EP3255831B1 (en) 2016-06-10 2017-04-26 System and method for providing hardware based fast and secure expansion and compression functions
CN201710347679.5A CN107491699B (en) 2016-06-10 2017-05-17 Method and system for encoding data
JP2017110602A JP6969908B2 (en) 2016-06-10 2017-06-05 Systems and methods that provide fast and secure hardware-based expansion and compression functions
SG10201704647UA SG10201704647UA (en) 2016-06-10 2017-06-07 System And Method For Providing Hardware Based Fast And Secure Expansion And Compression Functions

Publications (2)

Publication Number Publication Date
US20170359083A1 US20170359083A1 (en) 2017-12-14
US10797722B2 US10797722B2 (en) 2020-10-06

CN100367676C (en) * 2004-05-27 2008-02-06 中国科学院计算技术研究所 Method and compressing circuits carried by high code rate convolutional codes
US8078948B2 (en) * 2004-09-29 2011-12-13 Nxp B.V. Two-phase data-transfer protocol
US7958436B2 (en) * 2005-12-23 2011-06-07 Intel Corporation Performing a cyclic redundancy checksum operation responsive to a user-level instruction
CN101577621A (en) * 2008-05-05 2009-11-11 姚锡根 Basic sequence algorithm
US8094816B2 (en) * 2008-10-21 2012-01-10 Apple Inc. System and method for stream/block cipher with internal random states
CN101692636B (en) * 2009-10-27 2011-10-05 中山爱科数字科技有限公司 Data element and coordinate algorithm-based method and device for encrypting mixed data
FR2958057B1 (en) * 2010-03-29 2016-04-01 Univ Nantes CHAOTIC SEQUENCE GENERATOR, GENERATION SYSTEM, ORBIT MEASUREMENT METHOD AND CORRESPONDING COMPUTER PROGRAM
CN101938350B (en) * 2010-07-16 2012-06-06 黑龙江大学 File encryption and decryption method based on combinatorial coding
CN102025484B (en) * 2010-12-17 2012-07-04 北京航空航天大学 Block cipher encryption and decryption method
JP2013019744A (en) * 2011-07-11 2013-01-31 Renesas Electronics Corp Fail point estimation device, method and program
CN103051935B (en) * 2012-12-18 2015-06-10 深圳国微技术有限公司 Implementation method and device of key ladder
CN103593618A (en) * 2013-10-28 2014-02-19 北京实数科技有限公司 Verification method and system for adoptability of electronic data evidence
CN105187851A (en) * 2015-07-31 2015-12-23 北京邮电大学 Speed-adjustable encryption method oriented to mass coded multimedia data and video processing platform employing speed-adjustable encryption method

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5614841A (en) * 1993-12-24 1997-03-25 Bull S.A. Frequency multiplier using XOR/NXOR gates which have equal propagation delays
US5805932A (en) * 1994-04-22 1998-09-08 Sony Corporation System for transmitting compressed data if compression ratio is at least preset ratio and pre-compressed data if compression ratio is less than preset ratio
US20130148802A1 (en) 2006-03-23 2013-06-13 Exegy Incorporated Method and System for High Throughput Blockwise Independent Encryption/Decryption
EP2153575A2 (en) 2007-06-01 2010-02-17 France Telecom Obtaining derived values depending on a secret master value
US20100150350A1 (en) 2008-12-16 2010-06-17 Itt Manufacturing Enterprises, Inc. Method and Apparatus for Key Expansion to Encode Data
EP2200215A1 (en) 2008-12-16 2010-06-23 Itt Manufacturing Enterprises, Inc. Method and apparatus for key expansion to encode data
US20140010364A1 (en) 2011-03-28 2014-01-09 Sony Corporation Encryption processing device, encryption processing method, and programme
US8839001B2 (en) 2011-07-06 2014-09-16 The Boeing Company Infinite key memory transaction unit
US8843767B2 (en) 2011-07-06 2014-09-23 The Boeing Company Secure memory transaction unit
US20160065368A1 (en) 2014-08-29 2016-03-03 The Boeing Company Address-dependent key generator by xor tree
US20160112188A1 (en) 2014-10-20 2016-04-21 Hong-Mook Choi Encryptor/decryptor, electronic device including encryptor/decryptor, and method of operating encryptor/decryptor
EP3154217A1 (en) 2015-10-08 2017-04-12 The Boeing Company Scrambled tweak mode of block ciphers for differential power analysis resistant encryption

Non-Patent Citations (9)

* Cited by examiner, † Cited by third party
Title
Communication pursuant to Article 94(3) EPC dated Jan. 24, 2020 in corresponding European Application No. 17 168 210.7, 6 pages.
Hars et al., "Pseudorandom Recursions II," EURASIP Journal on Embedded Systems, 2012:1, 2012, 11 pages.
Hars et al., "Pseudorandom Recursions: Small and Fast Pseudorandom Number Generators for Embedded Applications," EURASIP Journal on Embedded Systems, vol. 2007, Article ID 98417, 2007, 13 pages.
Hars, "Hardware Bit-Mixers," Jan. 2016, 7 pages. *
Mangard et al., "Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations," CHES 2006, LNCS 4249, pp. 76-90, 2006. *
Schneier et al., "On the Twofish Key Schedule," SAC '98, LNCS 1556, pp. 27-42, 1999. *
Search Report and Written Opinion dated Feb. 10, 2020 in corresponding Singaporean Application No. 10201704647U, 9 pages.
U.S. Appl. No. 14/473,006, filed Aug. 29, 2014, Hars.
Van der Leest et al., "Hardware Intrinsic Security from D Flip-Flops," STC '10, Oct. 4, 2010, 10 pages. *

Also Published As

Publication number Publication date
US20170359083A1 (en) 2017-12-14
EP3255831B1 (en) 2022-08-17
JP6969908B2 (en) 2021-11-24
TW201803283A (en) 2018-01-16
SG10201704647UA (en) 2018-01-30
JP2018026797A (en) 2018-02-15
EP3255831A1 (en) 2017-12-13
CN107491699A (en) 2017-12-19
CN107491699B (en) 2023-09-19
TWI751153B (en) 2022-01-01

Similar Documents

Publication Publication Date Title
EP3337082B1 (en) Method and system for generation of cipher round keys by bit-mixers
US9794062B2 (en) Scrambled tweak mode of blockciphers for differential power analysis resistant encryption
CN107017981B (en) Hardware assisted fast pseudo random number generation
US10944568B2 (en) Methods for constructing secure hash functions from bit-mixers
US9729310B2 (en) Scrambled counter mode for differential power analysis resistant encryption
WO2013172790A1 (en) Methods for determining a result of applying a function to an input and evaluation devices
CN112906070B (en) Integrated circuit and IoT devices with block cipher side channel attack mitigation and related methods
Lou et al. Entropy transformation and expansion with quantum permutation pad for 5g secure networks
EP3154216B1 (en) Data dependent authentication keys for differential power analysis resistant authentication
US10797722B2 (en) System and method for providing hardware based fast and secure expansion and compression functions
Cheng et al. Lightweight and flexible hardware implementation of authenticated encryption algorithm SIMON‐Galois/Counter Mode
Gupta et al. A comparative study of secure hash algorithms
Neethu et al. XUBA: An authenticated encryption scheme
Mahantesh et al. Design of secured block ciphers present and hight algorithms and its fpga implementation
US11449311B2 (en) Random number generator
Ahmad et al. Performance comparison of the improved power-throughput AES and Blowfish algorithms on FPGA
Suman et al. A secure color image encryption scheme based on chaos
Ayesha et al. FPGA implementation of PICO cipher
Nastou et al. Dynamically modifiable ciphers using a reconfigurable CAST-128 based algorithm on AMTEL's FPSLIC rec

Legal Events

Date Code Title Description
AS Assignment
    Owner name: THE BOEING COMPANY, ILLINOIS
    Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HARS, LASZLO;REEL/FRAME:038877/0837
    Effective date: 2016-06-09
STPP Information on status: patent application and granting procedure in general
    Free format text: FINAL REJECTION MAILED
STPP Information on status: patent application and granting procedure in general
    Free format text: ADVISORY ACTION MAILED
STPP Information on status: patent application and granting procedure in general
    Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION
STPP Information on status: patent application and granting procedure in general
    Free format text: NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general
    Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
STPP Information on status: patent application and granting procedure in general
    Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED
STCF Information on status: patent grant
    Free format text: PATENTED CASE
STPP Information on status: patent application and granting procedure in general
    Free format text: NON FINAL ACTION MAILED
STPP Information on status: patent application and granting procedure in general
    Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
STPP Information on status: patent application and granting procedure in general
    Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS
STPP Information on status: patent application and granting procedure in general
    Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED
STCF Information on status: patent grant
    Free format text: PATENTED CASE
MAFP Maintenance fee payment
    Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
    Year of fee payment: 4